Total: 1343 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3105 | 2 Adobe, Microsoft | 2 Robohelp, Windows | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2. | |||||
| CVE-2017-5615 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location. | |||||
| CVE-2017-3085 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2025-04-20 | 4.3 MEDIUM | 7.4 HIGH |
| Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. | |||||
| CVE-2017-8621 | 1 Microsoft | 1 Exchange Server | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability". | |||||
| CVE-2015-4070 | 1 Wow New Media | 1 Wow Moodboard Lite | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
| CVE-2015-5054 | 1 Ellucian | 1 Banner Student | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. | |||||
| CVE-2017-7266 | 1 Netflix | 1 Security Monkey | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header. | |||||
| CVE-2015-4668 | 1 Xceedium | 1 Xsuite | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | |||||
| CVE-2015-2749 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | |||||
| CVE-2017-5614 | 1 Cpanel | 1 Cpanel | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | |||||
| CVE-2017-11718 | 1 Metinfo Project | 1 Metinfo | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. | |||||
| CVE-2017-8451 | 1 Elastic | 1 Kibana | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | |||||
| CVE-2017-1223 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902. | |||||
| CVE-2017-1450 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177. | |||||
| CVE-2017-5002 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred. | |||||
| CVE-2016-1213 | 1 Cybozu | 1 Garoon | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. | |||||
| CVE-2016-7137 | 1 Plone | 1 Plone | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form. | |||||
| CVE-2015-3190 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier, and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, the UAA logout link is susceptible to an open redirect which allows an attacker to insert a malicious web page as a redirect parameter. | |||||
| CVE-2017-1000027 | 1 Koozali | 1 Sme Server | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access. | |||||
| CVE-2017-1398 | 1 Ibm | 1 Websphere Commerce | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385. | |||||
